Inter vlan routing on a Cisco SF 300-24 port switch only no internet except when scanning with wireshark

Similar Questions

• Catalyst 6500 Inter-VLAN routing

  I have a Cisco 6500 switch and I have a question about routing inter - vlan and the command "IP ROUTING".  I use dial-up virtual interfaces (I.e. int vlan 2, int vlan 3, etc.), but I noticed that I don't have the IP ROUTING enabled on my switch but I can route properly between the VLANS.  I have even a little ports that I have configured with the command "no switchport" and I assigned an IP address to these ports.  On routed ports, there is another switch on the other side configured with an IP address and I am able to ping and route traffic to the other network.

  I did some research on this and all the documentation I am able to find talk of how you must enable IP ROUTING to route between the VLANS.  I guess that this should only be done if you go to the road to other not directly connected networks.

  http://www.ccnpguide.com/CCNP-switch-642-813-inter-VLAN-routing/

  http://www.Cisco.com/c/en/us/TD/docs/iOS-XML/iOS/lanswitch/configuration/12-2Sx/lsw-12-2Sx-book/lsw-VLAN-cfg-RTG.html#GUID-F5181D47-F44E-4F01-92E4-9132097BA333

  Can someone clarify this for me?

  For the 6500 Series, IP routing is enabled by default, that so all VLAN can communicate with each other.  You don't need to activate as you do for other switches (IE 3560, 3750, 3850, etc...)

  HTH

• RV180 router: impossible to get Inter-VLAN routing to work.

  I've been hit in this now for two days and just can't get Inter-VLAN routing to work on this router.

  Here is the place is:.

  Updated to the latest firmware of Cisco (1.0.1.9).
  From default settings, I added 2 VLAN as follows:

  VLAN (id = 1) default: dhcpmode = port IP=192.168.1.1/24 from server 1
  VLAN vlan2 (id = 2): dhcpmode = port IP=192.168.2.1/24 from Server 2
  VLAN vlan3 (id = 3): dhcpmode = port IP=192.168.3.1/24 Server 3

  (without link)
  WAN port
  |
  Routing/NAT
  |
  --------------------------------------
  VLAN ip 192.168.1.1 192.168.2.1 192.168.3.1
  name of VLAN by default vlan2, vlan3
  VLAN id ID = 1 ID = 2 ID = 3
  Inter-VLAN only routing Yes Yes
  Excluded excluded unidentified 1 port
  2 excluded excluded Untagged port
  Port 3 unmarked excluded except
  Port 4 (not interest) without excluded tag excluded
  ---------      --------     --------
  1 2 3 Port port
  |              |            |
  AdminPC PC3 PC2
  192.168.2.191 192.168.3.181

  PC2 is assigned an IP address of 192.168.2.191 (DGW = 192.168.2.1) - OK
  PC3 is assigned an IP address of 192.168.3.181 (DGW = 192.168.3.1) - OK

  (IP 192.168.2.191) PC2 can ping 192.168.2.1 and 192.168.3.1 - OK
  (IP 192.168.3.181) PC3 can ping 192.168.3.1 and 192.168.2.1 - OK

  BUT...
  PC2 cannot ping PC3 - don't DO NOT WORK
  PC3 can not ping PC2 - don't DO NOT WORK

  (does not work in gateway and router Mode)

  CAN SOMEONE HELP ME UNDERSTAND WHY?

  Your help is very appreciated.

  I bought this unit specifically because she supported routing inter - VLAN!

  Vlaminck

  ---------------------------------------------------------------------------

  Support information:

  Screenshots:
  Belonging to a VLAN:
  VLAN ID Description Inter VLAN device Port 1 Port 2 Port 3 Port 4
  Routing Mgment
  1 default disabled enabled unmarked excluded excluded unlabeled
  2 active active VLAN2 excluded unmarked excluded excluded
  Unmarked 3 VLAN3 active active excluded excluded excluded

  Several subnets VLAN:
  VLAN ID IP address Subnet Mask DHCP DNS Proxy Mode status
  1 192.168.1.1 255.255.255.0 DHCP Server enabled
  2 192.168.2.1 255.255.255.0 DHCP Server enabled
  3 192.168.3.1 255.255.255.0 DHCP Server enabled

  Routing table (Bridge Mode)

  Destination Gateway Genmask Metric Ref use Interface Type flags
  127.0.0.1 127.0.0.1 255.255.255.255 1 0 0 static lo upward, gateway, host
  192.168.3.0 0.0.0.0 255.255.255.0 0 0 0 dynamic bdg3 to the TOP
  192.168.2.0 0.0.0.0 255.255.255.0 0 0 0 dynamic bdg2 upward
  192.168.1.0 0.0.0.0 255.255.255.0 0 0 0 static bdg1 to the TOP
  192.168.1.0 192.168.1.1 255.255.255.0 1 0 0 static bdg1 upward, gateway
  127.0.0.0 0.0.0.0 255.0.0.0 0 0 0 lo dynamic

  Routing table (router Mode)

  (Ditto)

  Hello

  It's not because the pings are allowed on the same subnet that they come from a different subnet.

  You probably have a firewall problem windows software because that by default, it removes a different subnet icmp echoes.

  Concerning

  Alain

  Remember messages useful rate.

• RV110W inter-VLAN-routing is not possible

  In Cisco RV110W, I set up 2 VLANS, a 192.168.1.xxx (Green Net) and the second with only a fixed address 192.168.2.100 192.168.2.xxx (Server), which is configured in the DMZ area. I enabled in Cisco "inter-VLAN-Routing", described "routing between separate VLANs on Cisco RV110W" I can Ping the server in a direktion, the other I got an error. It is just expected and ok! All other abilities expected work well!

  Now, I want to see the Green network server. (firewall on the server is off)

  I configured the network/router with exactly the values of the index and has been an error: "destination LAN IP may not be the same as the router's IP subnet.

  Sorry, I don't understand this. Can anyone help?

  Thank you in anticipation

  Anton

  

  If I understand correctly, you have a second vlan, 192.168.2.x. The RV110W is a member of this subnet so that's why we do not have a static route for something that the router knows that she welcomes this subnet.

  -Tom
  Please evaluate the useful messages

• PowerConnect 3548P Inter VLAN routing

  Hello

  I need to help the flow of traffic to and from our new voice VLAN 3. Here is our first series:

  3548P

  VLAN 1 (data) is 10.0.0.85/24

  VLAN 3 (voice) is 10.0.3.9/24

  The default gateway of our firewall is 10.0.0.254. Would it be the GW I set up for the switch? I am completely confused!

  We also have an another Powerconnect 5524P we want to connect to and route traffic as well. Do we need to add 3 VLAN in there too? If so, I wouldn't need to add a VLAN 3 management interface except perhaps default VLAN 1 correct?

  I guess my question is, what other options do I need to enable to do everything 'talk '? I should mention that we also have a Watchguard X550e. I have to configure something there?

  If you need more information or background, I can certainly provide.

  Thank you!

  Thanks for the update, good to hear VLAN routing works.

  Try to set the default gateway on the switch. You will use the IP address of the firewall.

  Example:

  Console (config) #ip - default gateway (IP address of firewall)

  If this does not work, then add a static route on the switch that directs traffic on the firewall.

  console (config) #ip 0.0.0.0 route 0.0.0.0 (IP address of firewall)

• How to connect Cisco SG-300-10 L3 switch selector mode in Mode of L2 SG-300-20

  Ladies and gentlemen, please forgive me if you find my question too basic. But, I would really appreciate your help. I have two Cisco switches (SG-300-10 and SG-300-20) and I am struggling to connect with each other.

  Requirements: Switch Cisco SG-300-10 which is in needs of L3 mode to send the traffic of VLAN tagged to the switch Cisco SG-300-20, which is the mode of L2

  What I've done so now

  1 Cisco SG-300-10 (Mode L3) to the router directly connected and configured IP addresses, 192.168.0.21. The GVRP is configured for Port 5. Created the VLAN 1000 with interface IP (192.168.100.1) and configured the Port 5 trunk mode (1U, 1000 t)

  2 connected Cisco SG-300-20 (L2 Mode) to the router and set up the IP address management, 192.168.0.22. The GVRP is configured for Port 5. 1000 of VLANS created and configured the Port 5 trunk mode (1U, 1000 t)

  What does not work

  I can't access the address of management of the L2 (192.168.0.22) switch. Note that the L2 switch only on the uplink, which is to the L3 switch. Since the Port 5 also receives no marked traffic of VLAN1 (192.168.1.1), I'm assuming that he would receive the network management of VLAN1.

  Other Observations

  When I connect the cable between the two switches Port5, I expect to exchange information of VLAN, by documentation. But the lights flash at all.

  I tried other things

  I tried to connect Port 2 (1U) L3 Switch switch 2 L3 Port (1U). Yet, I can't access to the management of the L2 switch port. However, when I connect 2-Port L3 switch to my laptop, I get an IP address. That tells me that I have to solve the problem of management network pair before the switches.

  Hi Späti,

  I think the confusion is the use of the address IP address to you and how you manage your computer.

  VLAN 1 = 192.168.1.1

  VLAN 1000 = 192.168.0.21

  How I read that you connect layer 2 VLAN 1 on 192.168.0.21 switch to layer 3 of the same VLAN 1 interface to 192.168.1.1. It's confusing.

  So first thing to do is this - change layer 2 switch network 192.168.1.x IP and confirm management works on VLAN 1.

  If you want to layer 2 switch works on VLAN 1000, then you need to change the default VLAN 1000, then you can configure your uplink either as the way which you have 1u, 1000 t, or you can use 1000u.

  Your management VLAN on the layer 2 switch is VLAN 1 still unless you changed it (which did you not?)

  A next important thing for the layer 2 switch is going to be the default gateway. The switch of level 3, you need to specify the address IP of the VLAN 1000, which I think you did to 192.168.0.21/24. This 192.168.0.21 must be the default gateway for the layer 2 switch.

  Finally, the computer you connect to layer 3 switch, what that either VLAN that you choose to connect to (1 unidentified), you need to set the IP and default gateway appropriate. So if you're going to VLAN 1 then your computer is 192.168.1.x with gateway 192.168.1.1

  And for the comment extra, GVRP is a horrible Protocol and very pitiful, I don't recommend to use.

• list access inter vlan routing

  I've implemented on cisco switch access list 3560, but it never works.

  I want to block access to network B to network A and allow Ato b

  10.0.12.0/24 network.

  B 10.0.24.0/24 network

  The configuration is

  interface Vlan1

  Data VLAN description

  10.0.12.10 IP address 255.255.255.0

  !

  interface Vlan24

  training description VLAN

  IP 10.0.24.10 255.255.255.0

  !

  IP classless

  IP route 0.0.0.0 0.0.0.0 10.0.12.1

  IP http server

  IP http secure server

  !

  activate the IP sla response alerts

  access-list 101 permit ip 10.0.12.0 0.0.0.255 10.0.24.0 0.0.0.255

  access-list 101 deny ip 10.0.24.0 0.0.0.255 10.0.12.0 0.0.0.255

  access list 101 ip allow a whole

  Y at - it an idea that I can block the access of 10.0.24.0/24 t0 10.0.12.0/24

  Hi Marc,

  I see that you have created the access list but you have not applied it on the interface with the command "ip access-group. For that to work, you must apply the acl on the L3 interface as below.

  If you change the configuration as below.

  no access list 101 didn't allow ip 10.0.12.0 0.0.0.255 10.0.24.0 0.0.0.255

  access-list 101 deny ip 10.0.24.0 0.0.0.255 10.0.12.0 0.0.0.255

  access list 101 ip allow a whole

  !

  interface Vlan24

  training description VLAN

  IP 10.0.24.10 255.255.255.0

  IP access-group 101 in

  Concerning

  Najaf

  Please rate when there is place or useful!

• Changes in the incoming packets to address SG300 inter - VLAN routing and MAC

  Hello

  I SG300-20 operates in Layer 3 mode

  Vlan1 is not used

  Gateway Internet is VLAN211

  Customers are in other VLANs

  Switch is the default gateway for clients and itself has internet gateway as default route.

  The switch MAC address is XX:XX:XX:XX:XX:63

  When the client sends traffic destined for Internet MAC address in outgoing packets is XX:XX:XX:XX:XX:63

  But in incoming packets the source MAC address is XX:XX:XX:XX:XX:69

  Why change? And how can I set the switch to use MAC XX:XX:XX:XX:XX:63 address?

  I finished the event and found that it does not change as expected. When you use the switch to Layer 3, routing, with or without him as your default gateway, it will happen.

  I tested two different VLAN in two different ways, and every time that I ping via the switch to a different subnet, the MAC source on the return package was different on the last two. This is due to the fact that the return traffic through a different interface on the switch.

  Currently, there is no option to change this.

• Configure the VLAN voice and data in CISCO SF 300 8 P

  I have a couple of Cisco SF 300 8 P and P 24 switches. I have voice and data VLANS configured as:

  Data VLAN: default 145.17.59.0/24

  Voice VLANS: VLAN 20 172.22.20.0/24

  I have different DHCP servers regarding the data VLAN, we have a physical server that is configured for 145.17.59 * extended IP and Voice VLAN DHCP Server is configured as a router gateway with option 150.

  This configuration works very well with other cisco 2960 switches and 3750 etc. except CISCO SF 300 8 P and 24 p. I tried to set up the voice and data VLAN in these CISCO switches so that phone CISCO (model 6941) should get IP of the VLAN voice and PC should get the IP address of the DHCP server on the data VLAN. I tried several techniques such as LLDP, Port-to-VLAN Config etc.

  Can anyone please guide me / help on this.

  Kind regards
  A K.M.Sayeed

  Hi A.K.M., with Cisco phones you should be able to define simply automatic voice VLAN to be VLAN20.

  ID of the vlan 20 voices

  You must ensure CDP or LLDP is enabled as well. I would check in the web GUI. DHCP for phones can come from a DHCP server on a port access VLAN20 switch, or you can use dhcp for assistance to redirect DHCP server elsewhere.

  If you prefer or you have problems with the CDP or LLDP, you can also program the ports as trunks and add the tag VLAN 20 for them.  In this scenario, you need to ensure inter - vlan routing works and phones that download the file config with corrrect VLAN config.

  These switches do not run ios, so they are similar, but different from the catalyst switches that you mentioned.

  -remember messages useful rate.

• EMS 2010 routing problem inter vlan

  OK, back to the base, I tried to install complicated things that did not work so now, I'm leaving the base.

  I am trying to configure my SGE2010 48 ports Gigabit cisco / switch for routing inter - vlan.

  so far, I put the mode switch layer 3 from the telnet console and rebooted, it.

  entered the interface web and changed the ip of the vlan by default management 192.168.2.3

  added the vlan 70 and vlan bridging 180, section of mangement of vlan

  under the IP, IPv4 interface address, I've added the IP address for each virtual local area network as follows:

  IP Interface Mask

  192.168.70.3 255.255.255.0 VLAN 70

  192.168.180.3 255.255.255.0 VLAN 180

  then I went in transition, management of VLANs, vlan to the port:

  set the port g1 get access to the vlan 70

  sets the g2 as an access port for vlan 180

  connected A computer to port g1 with static IP 192.168.70.200 mask 255.255.255.0 Gateway 192.168.70.3

  connected computer B to port g2 with static IP 192.168.180.180 mask 255.255.255.0 Gateway 192.168.180.3

  I'll then in the routing static routing: I see the 192.168.70.0 destination IP address 24 as a type of local railway and even for 192.168.180.0 24 as the type of local railway

  on a computer, I ping the gateway 192.168.70.3 and it works

  on computer B, I ping the gateway 192.168.180.3 and it works

  problem is that they cannot ping each other, windows firewall is disabled on both computers.

  If I do a tracert on any of the computer he reach the gateway by default but then expire on the second jump.

  any suggestions what I could have done wrong and the solution to the problem would be appreciated.

  Edit: Here's the running configuration if it helps:

  Cisco-SGE2010 # show running-config

  database of VLAN

  VLAN 70 180

  output

  g ethernet serial interface (1.26)

  switchport access vlan 70

  output

  interface ethernet g2

  switchport access vlan 180

  output

  interface vlan 70

  printer name

  output

  interface vlan 180

  name wireless

  output

  interface vlan 1

  IP 192.168.2.3 address 255.255.255.0

  output

  interface vlan 70

  IP 192.168.70.3 255.255.255.0

  output

  interface vlan 180

  IP 192.168.180.3 255.255.255.0

  output

  Cisco-SGE2010 hostname

  location of the Server SNMP here

  SNMP Server contact me

  Cisco-SGE2010 #.

  If you can test both the interface switches the routing works correctly. You need to maybe turn off the Windows Firewall or open the firewall to allow ICMP to a different subnet. Windows Vista and 7 by default will block ICMP from any other subnet then their own.

  Cisco Small Business Support Center

  Randy Manthey

  CCNA, CCNA - security

• How to console Access of Cisco SG 300 - 28 P

  Hi Experts,

  We have just a cisco SG 300 - 28 P switch. We tried the initial installation according to the manual, but we are not able access the switch to configure. Suite of methods we tried:

  1. connected a lan cable from a computer to an ethernet port on the switch, statically assigned 192.168.1.100 IP address to the computer and attempted to access switch with default IP address: http://192.168.1.254

  2 connected the serial cable that was awarded with the switch on a machine a I tried to access through terminal tera. I have seen cables serial that has RS 32 port to be connected to the machine and RJ45 adapter to the switch console port. But for this switch, it is opposite, IE the RS 32 port switch and RJ 45/machine.

  It would be great if we can access the switch through the console port. Please help me on this.

  Kind regards

  Martin

  Hello

  The correct console cable type is null-modem cable DB9 R232 has "Female DB9" connectors at both ends of the cable.

  Kay Lee Yiu

  Concentrix at Cisco

  .:|:.:|:. CISCO | Kay Lee Yiu | Pre-sales SMB | [email protected] / * / | Phone + 1 (855) 354-7776

  

• Problem of trunking routing\802.1 Q inter - VLAN SGE2000P - Cisco 2821

  I am to evaluate the EMS and is unable to get routing inter - VLAN to work on aid and the external router via a 802. 1 q trunk. I have a 2821 with 3 secondary interfaces and I use the VLAN 1 as the VLAN native. G0/0 on router is connected to the port of G1 to the port of the EMS. I can create a VLAN and devices in the VLANs can reach devices in their VLAN respective, but they can't get the router IP address to access the other subnets. Currently I have the port connected to the configuration of the router, as a trunk by using VLAN 1, which is not marked. The EMS has the latest firmware and I tried some types of access ports, general & trunk, changed the PVID, nothing has worked for the other ports on the switch. What would have taken two minutes on a Cisco Configuration switch left flabbergasted me, it could be a defective switch? I was not able to find documentation or examples of this configuration scenario.

  For reference, config the router interface:

  G0/0.1

  encapsulation dot1q 1 native

  IP 1.1.1.1 255.255.255.0

  G0/0.2

  encapsulation dot1q 2

  2.2.2.1 IP address 255.255.255.0

  G0/0.3

  encapsulation dot1q 3

  3.3.3.1 IP address 255.255.255.0

  Any help\direction is appreciated.

  Thank you

  Burt

  Burt Hello, good evening,

  Have you included the VLAN 2 and 3 on the trunk port and ensured that they are labeled?  It should be set to tagged.  The Web interface can be confusing with this config / operation.

  Please check this and let me know, and if necessary I'll lab this for you as well.  Please let me know,

  Andrew

• No SG300-52 routing inter - VLAN

  Hello

  I have a base on this SG300-52 configuration:

  • L3 is enabled
  • Latest Firmware is installed (1.4.0.88)
  • Vlan1 IP is 10.0.0.1/24
  • A PC is connected to port 1 (with IP 10.0.0.3)
  • VLAN99 IP is 192.168.0.2/29
  • A router is connected to the 49 port (with the 192.168.0.1 IP address and Internet access to the router is OK)
  • On SG300-52 default gateway is 192.168.0.1

  The SG-300:

  • I can ping the default gateway (192.168.0.1) and any Internet address, using 192.168.0.2 as address IP Source
  • I can't ping the default gateway (192.168.0.1) or any Internet address, using 10.0.0.1 as address IP Source
  • I can ping my PC (10.0.0.3), using 10.0.0.1 as the IP Source address
  • I can't ping my PC (10.0.0.3), using 192.168.0.2 as address IP Source

  There is no routing inter - VLAN, but I can't find how to activate...

  The complete configuration is the following:

  #show run SG300-52
  config-file-header
  SG300-52
  v1.4.0.88 / R800_NIK_1_4_194_194
  CLI v1.0
  router adjustment system mode

  SSD of encrypted file indicator
  @
  SSD-control-start
  config of SSD
  control of password file unrestricted SSD
  no control of the integrity of the file ssd
  SSD-control-end cb0a3fdb1f3a1af4e4430033719968c0
  !
  database of VLAN
  VLAN 99
  output
  Add a voice vlan Yes-table 0001e3 Siemens_AG_phone___
  Add a voice vlan Yes-table 00036 b Cisco_phone___
  Add a voice vlan Yes-table 00096e Avaya___
  Add a voice vlan Yes-table 000fe2 H3C_Aolynk___
  Add a voice vlan Yes-table 0060 b 9 Philips_and_NEC_AG_phone
  Add a voice vlan Yes-table 00d01e Pingtel_phone___
  VLAN voice Yes-table add Polycom/Veritel_phone___ 00e075
  Add a voice vlan Yes-table 00e0bb 3Com_phone___
  Hello interface range vlan 1
  hostname SG300-52
  username privilege 15 c464af817287343305cbd6493c593885695df531 encrypted password cisco
  property intellectual ssh server
  Server SNMP Server
  The telnet server IP
  !
  interface vlan 1
  the IP 10.0.0.1 255.255.255.0
  no ip address dhcp
  !
  interface vlan 99
  name WAN
  IP 192.168.0.2 255.255.255.248
  !
  interface gigabitethernet49
  switchport mode general
  VLAN allowed switchport General add 99 unidentified
  switchport General pvid 99
  !
  output
  Default IP gateway 192.168.0.1

  You have an idea on the issue?

  Thanks in advance for your help.

  Hi Anthena1390

  My email is [email protected] / * /. When you reply to the email can let me know which devices need to communicate on VLAN 99. Is there a major reason for SG300 happen DHCP assumes that your router? Well I would like to add a few screenshots, they will show you how to properly set up a P2p link, assign DHCP pools, how to correctly add default routes. Send an email and lets get your problem is resolved.

• RV042G router - Inter VLAN

  RV042G router - Inter VLAN:

  Is this router supports 802. 1 q? Or do I have to connect to a router port by VLAN?

  for example. If I have 2 VLANS configured on a SINGLE SWITCH, do:

  (a) TRUNK VLAN switch and plug a port on the ROUTER?

  (b) connect a port on the ROUTER to VLAN1 and another port to VLAN2?

  Thank you

  Henrique

  Hello Henrique,

  The RV042G is not compatible 802. 1 q Trunking, so you would need a VIRTUAL local network connection.

  According to the switch, you may need to disable the tree covering both to make multiple connections to the same router work.

  Hope that helps,

  Christopher Ebert - Advanced Network Support Engineer

  Cisco Small Business Support Center

  * Please note the useful messages *.

• Problem with routing inter - VLAN... How to solve it?

  Hi all.

  I have a WRVS4400N in my office to have a VPN with our main customer and also to manage the entire network of small size.

  In two weeks, more or less we will change our office somewhere else, merge two in one.

  At its new location, we will have two different ADSL connections, and we will keep our separate LAN to the other LAN.

  The goal is to interconnect the two local networks in order to 'see' the machines on one local network to another, but keep the two local networks with their current configuration, subnet, etc..

  To achieve this, I created a new VLAN on the router and I have attached only port4 to this VLAN.

  

  

  As you can see, VLAN main has its own/24 subnet (10.148.145.0/24) and dhcp enabled (for addresses on my LAN) while the new VIRTUAL local network has its own 24 subnet too (10.0.0.0/24) but with the disabled dhcp (is a different LAN with its own DHCP server).

  

  

  

  

  VLAN 1 use ports 1-3 and VLAN 2 use the single port 4.

  Of course, I enabled routing inter - VLAN:

  

  To emulate the future scenario, I connected a router with an Internet port 4 with IP:10.0.0.2, and I therefore two different local networks.

  Well, the reality is this:

  -From my PC connected to the VLAN1 I have an IP address (assigned by my Cisco) and I see all my VLAN and I see 10.0.0.1 too (IP of the router on VLAN2), but I don't see any more (pings to 10.0.0.2 didn't answer). I can access Cisco router to 10.0.0.1 and 10.148.145.97.

  -My PC connected to the VLAN2 I have an IP address (assigned by the other router on 10.0.0.2), I see only my VLAN (10.0.0.0/24 IPs). I can access only Cisco router to 10.0.0.1.

  How can I do to enable these two VLANS to 'see' each other?

  How can I control access to the WAN port? I don't want machines to VLAN2 accessing internet through our router.

  Thank you and best regards!

  Hello Francisco,.

  In router mode gateway mode switch will turn off the NAT on the router. Which will allow to the vlan 2 does not to get out to the internet but also vlan 1 and which is not what you want. You may be able to create access rules and deny rules for not being able to get out of the internet... may create some default of the rules of the road as 0.0.0.0. Also, you may be able to create internet air to stop a certain subnet that it is able to get out of the internet as well.

  Regarding the VLAN talk to each other, everything looks good, routing inter - vlan, it is allowing the two VLAN to talk to each other and which is activated. What your default gateways are installed on devices you are testing? As long as default gateways on your PC and devices are pointing to the routers ip/gateway address, you should be good to go at this point.

  VLAN 1: default gateway should be 10.148.145.97

  VLAN 2: default gateway must be 10.0.0.1

  Other than that everything seems to be implemented correctly based on the images. The VLANs that you put in place on the ports are correct.

  Let me know your devices are configured on the rise and will go from there.

  Hope this helps,

  Thank you

  Clayton Sill